it's hard to be a spammer

…if everyone is trying to make your life harder. couple weeks ago I refreshed my private email server on FreeBSD. for some time spam levels were rising and I had to do something about it. old spamassassin was not handling it accurately enough anymore. enter spamd from OpenBSD. current postfix has built-in greylisting server that’s working quite well. for my installation I tuned it a bit, by extending period of time that has to pass from last delivery attempt (to 1200 seconds, which is 20 minutes): ...

March 5, 2018 · Łukasz Bromirski

freenas and lsi

my old poor LSI 9211-8i RAID card, that was powering my cache NAS server, decided to die. my spare 9261-8i, to my complete surprise, was halting FreeNAS at the boot… and i was not able initially to troubleshoot the problem. it was dropping mysterious timeout errors:

    mfi0: COMMAND 0xfffffe000150dc08 TIMEOUT AFTER 59 SECONDS
    mfi0: COMMAND 0xfffffe000150dc90 TIMEOUT AFTER 59 SECONDS
    mfi0: COMMAND 0xfffffe000150dc18 TIMEOUT AFTER 59 SECONDS
    run_interrupt_driven_hooks: still waiting after 60 seconds for xpt_config

my google-fu immediately showed me some potential solutions, but they were totally random and kind of voodoo-magic (‘disable Firewire controller!’, ‘disable ATA controller!’… and so on). also, i tried to upgrade firmware version, downgrade it… the problem was still there. ...

April 17, 2017 · Łukasz Bromirski

please clock me timely!

during the last 30 years, processor speeds have increased from millions of cycles to billions - multiplied by multi-core and special mechanisms that increase the efficiency of working with ‘boring’ cores. Pentium 66 processor from 1993 contained 3.2 million transistors, which is anyway quite a value, considering they are packed into a space comparable to that of four dice - and contains one main unit. available today Xeon E5-2699v4 has 22 cores operating at nominal frequency 2.2GHz clock and 7.2 billion transistors. ‘imagine that’! ...

February 8, 2017 · Łukasz Bromirski

FreeNAS and Samba - curious case of MacOS

FreeNAS is special edition of tuned-up FreeBSD, with GUI available over WWW to enable easy setup and maintenance. i had to migrate recently my old Synology 1815+ thanks to well known Intel SNAFU with Atom CPUs. interestingly enough, even Synology’s own service department declined to RMA the NAS, without even discussing the situation. so i managed to quickly set up 12x 3.5" bay server. i had five 3.5" 8TB HDDs from Synology that i wanted to rescue data from. the server itself is kind of old one - but solid. it’s a dual Intel L5100 series chassis (with sadly one CPU only), 64GB of RAM, LSI/Avago RAID card and Intel twin 10GE NIC. for ‘fast & dirty’ hack it was more than enough. ...

January 6, 2017 · Łukasz Bromirski

doing recert

every two (or three, depending how desperate you are) years, in life of every CCIE and CCDE there is this looming deadline called ‘recertification’. panic is usually short lived and ends with ‘push’ - successful recertification. in variable styles and techniques, but successful nonetheless. i had opportunity recently to execute this dance. and wise words people say, that if you lose daily connection with networking gear and technologies, you very quickly lose and forget expert level skills. ...

October 3, 2015 · Łukasz Bromirski

this is how it should work

weekend at countryside kind of surprised me… :) so, Cisco 887VAGW+7-E-K9, a little configuration and here we are.

    !
    chat-script gsm "" "AT!SCACT=1,1" TIMEOUT 15 "OK"
    !
    interface Cellular0
     ip address negotiated
     ip nat outside
     ip virtual-reassembly in
     encapsulation slip
     load-interval 30
     dialer in-band
     dialer idle-timeout 300
     dialer string gsm
     dialer-group 1
     async mode interactive
    !
    ip nat translation timeout 60
    ip route 0.0.0.0 0.0.0.0 Cellular0
    !
    dialer-list 1 protocol ip permit
    !
    line 3
     exec-timeout 0 0
     script dialer gsm
     modem InOut

you’d need to configure profile however. as i didn’t have SIM card and i had poor experience with Orange in Poland, i decided to try challenger - Plus. they had a small sales office in nearby city. ...

May 24, 2015 · Łukasz Bromirski

use keys, not passwords

it’s subject old as world (password-protected world, that is). i had to do some of cleanup on my devices and i hit a problem with 4096 bit keys. so, just as a reference that may be helpful somewhere for someone - you import keys to Cisco IOS without any special problems:

    router#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    router(config)#ip ssh pubkey-chain
    router(conf-ssh-pubkey)#username TEST
    router(conf-ssh-pubkey-user)#key-string
    router(conf-ssh-pubkey-data)#AAAAB3NzaC1yc2EAAAADAQABAAACAQDCiLBaopUwsFb9YJNhGqVYqBajlrH
    S/zwD6/yR6N8VcRzrpqMMNCFXe1q5GMGM[...]ANWInd9GHBjTzbJWVwavxy1ooQewii8ErofZuv1l/SXSdXLzfL
    p0zMoZ0L+BNPS0j4XBS0N3t8Vl8oVixqIeG2BNTCNaDDt6hx2Q== lukasz@bromirski.net
    router(conf-ssh-pubkey-user)#exit
    router(conf-ssh-pubkey)#exit

for Cisco ASA, keys that are longer than 2048 bits need to be prepared using pkf format, as command line has limit of 512 bytes. so, to move key in OpenSSH compliant format like this one: ...

April 1, 2015 · Łukasz Bromirski

because you can't just have one CPU...

…workstation requires two! ;) i had some time over Christmas to finally build myself following beast:

- Asus Z9PE-D8 WS (BIOS 5304, original 3304 had some interesting bugs)
- Xeon E5 2660 (Sandy Bridge EP/EX) - 16 cores, 32 HT
- Corsair H80i for CPU cooling
- 64GB RAM (8x 8GB DDR3 1600 ECC)
- OWC 480GB PCIe - has two 240GB blades in RAID0
- Corsair Obsidian 900D
- 2x Seagate 4TB HDD [6x Samsung 2TB]
- LSI 9261-8i to drive those mechanical disks in RAID5
- Creative SB ZX
- AMD Radeon 7970 connected to three Dell U2412 monitors
- Intel x520 NIC connected to Catalyst 2960S and to other workstation - Xeon 5670, 48GB RAM, OWC 240GB as boot and two 2TB RAID0 disks as RAID0 for ESXi 5.5

as we sometimes laugh with each other - ‘it opens Total Commander pretty bloody fast’. VMware Workstation 10 orchestrates number of VMs running at the same time and i can still use workstation as normal desktop. Visual Studio 2013 is able to compile whole projects in a blink of an eye. ...

February 1, 2014 · Łukasz Bromirski

vmware - again

you spend a lot of time preparing OVA to save time in future and enable cloning. then, during importing to remote ESXi you get following error message: Failed to deploy OVF package: The task was canceled by a user.. i didn’t cancel anything! it’s frustrating, and it seems it’s a small problem on import format side, not on user side. OVA is simple ZIP file that can be unpacked, so you should do so. then, remove file with checksums (*.mf) and in the virtual machine definition file (*.vmx) change vmware.cdrom.iso to vmware.cdrom.atapi. ...

November 10, 2013 · Łukasz Bromirski

IOS shell

if you haven’t noticed by now, in the IOS 15M line we introduced IOS shell. firing it up is just as easy as doing:

    C2#conf t
    C2(config)#shell processing full

now you have new, UNIX-like commands and options to chain them, including nested grep.

    C2#sh running-config | wc -l
    163
    C2#sh running-config | grep ip | grep 2001
     ipv6 address 2001:DB8:10::10:254/64
    ipv6 route ::/0 2001:DB8:10::10:1

if you by now are fan of such capabilities, having been working with IOS XR - it’s a nice touch :) ...

October 29, 2012 · Łukasz Bromirski